snyk-filter produces invalid JSON output when used with --all-projects input from the Snyk CLI #71

Open
snykerjames opened this issue Jun 30, 2021 · 3 comments

@snykerjames

Using:
snyk@1.651.0
snyk-filter@1.1.0
snyk-to-html@2.0.1

When run with the --all-projects JSON input from the Snyk CLI, snyk-filter produces invalid JSON output, as illustrated in the following example with snyk-to-html:

> $ snyk test --all-projects --json | snyk-filter -f ~/opt/snyk/filter-high-vulns-upgradeable.yml --json |snyk-to-html -o results.html
Using a custom API endpoint from `snyk config` (tip: it should contain path to `/api`): https://snyk.io/api/v1/
json output enabled
json output enabled
json output enabled
High severity & upgradeable vulns found. Please review upgrade steps
Snyk Test Failed
The source provided is not a valid json! Please validate that the input provided to the CLI is an actual JSON

Tip: To find more information, try running `snyk-to-html` in debug mode by appending to the CLI the `-d` parameter

Error running `snyk-to-html`. Please check you are providing the correct parameters. Is the issue persists contact support@snyk.io

Attached are the JSON outputs from the Snyk CLI and from snyk-filter, along with a copy of the filter that was used.
supporting-docs.zip

It appears the difference between the two outputs is that the CLI output contains an array of snyk projects, but the snyk-filter output is a concatenation of these.
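The difference described above can be reproduced and worked around with a small stream parser. This is an added example, not code from the issue or from the snyk-filter project: it assumes the filter output is a run of JSON objects written back to back, as the report states, and the function names and sample data are constructed for illustration.

```python
import json
import sys


def split_concatenated_json(text):
    """Return every top-level JSON value found back to back in text."""
    decoder = json.JSONDecoder()
    values = []
    pos = 0
    while pos < len(text):
        # raw_decode does not skip whitespace between documents, so do it here.
        if text[pos].isspace():
            pos += 1
            continue
        try:
            value, pos = decoder.raw_decode(text, pos)
        except json.JSONDecodeError as exc:
            raise ValueError(f"invalid JSON at offset {exc.pos}: {exc.msg}") from exc
        values.append(value)
    return values


def rewrap_as_array(text):
    """Serialise a concatenated stream as a single JSON array of projects."""
    values = split_concatenated_json(text)
    # Input that is already one array (the CLI's own shape) passes through.
    if len(values) == 1 and isinstance(values[0], list):
        return json.dumps(values[0])
    return json.dumps(values)


# Constructed sample: two project results concatenated with no separator.
# json.loads(SAMPLE) fails with "Extra data", which is what a strict
# downstream JSON consumer sees.
SAMPLE = (
    '{"displayTargetFile": "app/package.json", "vulnerabilities": []}'
    '{"displayTargetFile": "api/pom.xml", '
    '"vulnerabilities": [{"id": "EXAMPLE-1", "severity": "high"}]}'
)

if __name__ == "__main__":
    # Use piped input when present, otherwise the constructed sample.
    data = SAMPLE if sys.stdin.isatty() else sys.stdin.read()
    print(rewrap_as_array(data))
```

Placed between the filter step and the report step of a pipeline, it turns the concatenated stream back into one array; whether the report tool then renders every project is not confirmed by this thread.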

@aarlaud
Collaborator

aarlaud commented Jun 30, 2021

Ack. Snyk-filter predates all-projects option but we'll take a look.

@aarlaud aarlaud added the enhancement New feature or request label Jun 30, 2021
@odlevakp

Any movement on this?

I have the same issue, when using --all-projects with snyk test and feeding it to snyk-filter, it will produce invalid JSONs. Would be nice if I can provide developers with snyk-to-html output to better show why their deployment was stopped, instead of the plain output during a pipeline run.

@lili2311
Contributor

Hi @odlevakp, this repository is not actively maintained; we are working on critical bug fixes only. However, we can suggest you try something like this as a .sh script, but it would generate individual results instead of 1 html file:


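```bash
#!/bin/bash

set -euo pipefail

exit_code=0

echo 'Running snyk test --all-projects --json | snyk-filter'

# snyk test exits non-zero when it finds vulnerabilities; keep going so the
# results can still be filtered and rendered.
results="$(snyk test --all-projects --json "$@")" || true

# --all-projects emits an array of projects; a single project is a plain object.
# Base64-encode each project so it survives word splitting in the for loop.
for test in $(echo "${results}" | jq -r 'if type == "array" then .[] else . end | select(.vulnerabilities) | @base64'); do
    project="$(echo "${test}" | base64 --decode | jq -r '.displayTargetFile')"
    # displayTargetFile can contain path separators; flatten them for the file name.
    report="results-${project//\//_}.html"
    # With pipefail, a non-zero exit from snyk-filter or snyk-to-html fails the
    # pipeline; record it and continue with the remaining projects.
    echo "${test}" | base64 --decode | snyk-filter -f ./filter-high-vulns-upgradeable.yml --json | snyk-to-html -o "${report}" || exit_code=1
done

exit $exit_code
```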

@lili2311 lili2311 self-assigned this Jun 21, 2022